Friday, March 19, 2010

Pentagon Takes Down Saudi-CIA Terrorist Honeypot Website

By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.

[...]

Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon's plan, several key princes were "absolutely furious" at the loss of an intelligence-gathering tool, according to another former U.S. official.

[...]

The Saudi-CIA Web site was set up several years ago as a "honey pot," an online forum covertly monitored by intelligence agencies to identify attackers and gain information, according to three of the former officials. The site was a boon to Saudi intelligence operatives, who were able to round up some extremists before they could strike, the former officials said.

At the time, however, dozens of Saudi jihadists were entering Iraq each month to carry out attacks. U.S. military officials grew concerned that the site "was being used to pass operational information" among extremists, one former official said. The threat was so serious, former officials said, that Gen. Ray Odierno, the top U.S. military commander in Iraq, requested that the site be shut down.

[...]

The CIA argued that dismantling the site would lead to a significant loss of intelligence. The NSA countered that taking it down was a legitimate operation in defense of U.S. troops. Although one Pentagon official asserted that the military did not have the authority to conduct such operations, the top military commanders made a persuasive case that extremists were using the site to plan attacks.

[...]

"The CIA didn't endorse the idea of crippling Web sites," said a U.S. counterterrorism official. The agency "understood that intelligence would be lost, and it was; that relationships with cooperating intelligence services would be damaged, and they were; and that the terrorists would migrate to other sites, and they did."

Moreover, the official said, "the site wasn't a pipeline for foreign fighters, it was a broad forum for extremists."

But the concerns of U.S. Central Command and other defense officials prevailed. "Once DoD went to the extent of saying, 'Soldiers are dying,' because that's ultimately what the command in Iraq, what Centcom did, it's hard for anyone to push back," one former official said.

The matter appeared settled, ex-officials said. The military would dismantle the site, eliminating the need to inform Congress.

A group of cyber-operators at the Pentagon's Joint Functional Component Command-Network Warfare at Fort Meade seemed ideally suited to the task. The unit carries out operations under a program called Countering Adversary Use of the Internet, established to blunt Islamist militants' use of online forums and chat groups to recruit and mobilize members and to spread their beliefs.

[...]

A central challenge of cyberwarfare is that an attacker can never be sure that an action will affect only the intended target. The dismantling of the CIA-Saudi site inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas, a former official said. "In order to take down a Web site that is up in Country X, because the cyber-world knows no boundaries, you may end up taking out a server that is located in Country Y," the task force participant explained.

After the operation, Saudi officials vented their frustration about the loss of intelligence to the CIA. Agency officials said the U.S. military had upset an ally and acted outside its authority in conducting a covert operation, former officials said.

Efforts were made to mollify the Saudis and the Germans, they said. "There was a lot of bowing and scraping," one official said.

One early advocate for using cyber-operations against extremists was Gen. John P. Abizaid, former Central Command chief. He told a Senate committee in 2006, "We must recognize that failing to contest these virtual safe havens entails significant risk to our nation's security and the security of our troops in the field."

But some experts counter that dismantling Web sites is ineffective -- no sooner does a site come down than a mirror site pops up somewhere else. Because extremist groups store backup copies of forum information in servers around the world, "you can't really shut down this process for more than 24 or 48 hours," said Evan F. Kohlmann, a terrorism researcher and a consultant to the Nine/Eleven Finding Answers Foundation.

"It seems difficult to understand," he added, "why governments would interrupt what everyone acknowledges now to be a lucrative intelligence-gathering tool."